Static Evidences for Attack Reconstruction
Control Flow Analysis (CFA) has been proven successful for the analysis of cryptographic protocols. Due to its over-approximative nature, the absence of detected flaws implies their absence also at run time, while their presence only says that there is the possibility for flaws to occur. Nevertheless, the static detection of a flaw can be considered as a warning bell that alerts against a possible attack, of which the flaw is the result. Reconstructing the possible attack leading to the detected flaw is not trivial, though. We propose a CFA enriched with causal information that accounts for attacker activity. In case a flaw is predicted, the causal information provides a sort of climbing holds that can be escalated to reconstruct the attack sequence leading to the flaw.
KeywordsPattern Match Cryptographic Protocol Static Violation Causal Information Encrypt Message
We would like to thank Mikael Bucholtz, Hanne Riis Nielson, Flemming Nielson and, in particular, Pierpaolo Degano for the many valuable discussions on CFA, on LySa, and on other issues. Some of the ideas developed here have their roots in those discussions. Furthermore, we thank our anonymous referees for their useful comments.
- 2.Allamigeon, X., Blanchet, B.: Reconstruction of attacks against cryptographic protocols. In: 18th IEEE Computer Security Foundations Workshop, (CSFW-18 2005), pp. 140–154 (2005)Google Scholar
- 3.Backes, M., Cortesi, A., Maffei, M.: Causality-based abstraction of multiplicity in security protocols. In: IEEE Computer Security Foundations Symposium (CSF’07), pp. 355–369 (2007)Google Scholar
- 6.Buchholtz, M., Maidl, M., Bodei, C., Degano, P., Priami, C.: Deliverable D14, Final Report on Static Techniques. Technical report, Project DEGAS IST-2001-32072 (2004)Google Scholar
- 9.Crazzolara, F., Winskel, G.: Events in security protocols. In: Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS 2001), pp. 96–105 (2001)Google Scholar
- 13.Gao, H., Bodei, C., Degano, P., Nielson, H.R.: A formal analysis for capturing replay attacks in cryptographic protocols. In: Cervesato, I. (ed.) ASIAN 2007. LNCS, vol. 4846, pp. 150–165. Springer, Heidelberg (2007) Google Scholar